Microsoft’s Sway Serves as Launchpad for ‘Quishing’ Campaign

Summary: Researchers have identified a “quishing” campaign that uses QR codes to target Microsoft Office credentials, resulting in a significant surge in traffic to phishing pages. The campaign primarily targets victims in Asia and North America across various industries, leveraging the credibility of Microsoft Sway to deceive users.

Threat Actor: Unknown
Victim: Various

Key Points:

  • The “quishing” campaign has led to a 2,000-fold increase in traffic to unique Microsoft Sway phishing pages.
  • Attackers exploit QR codes, tricking users into scanning them with mobile devices that often lack robust security measures.
  • Microsoft Sway’s open access and integration with Microsoft 365 accounts add a layer of legitimacy to the phishing attempts.
  • Researchers recommend that users verify URLs and that organizations review security policies to mitigate such threats.

Last month, researchers uncovered a “quishing” campaign targeting Microsoft Office credentials, which caused an abrupt 2,000-fold increase in traffic to unique Microsoft Sway phishing pages.

Quishing refers to a form of phishing that uses QR codes to trick users into opening malicious pages, according to the researchers at Netskope Threat Labs.

The campaign has targeted victims mainly in Asia and North America, across multiple industries such as technology, manufacturing, and finance.

“Attackers instruct their victims to use their mobile devices to scan the QR code in hopes that these mobile devices lack the stringent security measures typically found on corporate issued ones,” said the researchers in an article. “These QR phishing campaigns employ two techniques from previous posts: the use of transparent phishing and Cloudflare Turnstile.”

Sway is a free Microsoft 365 application that anyone with a Microsoft account can access. Attackers take advantage of this open access, using the credibility of legitimate cloud applications to deceive users. In addition, Sway is accessed once a victim is already logged into their Microsoft 365 account, which adds another layer of legitimacy that helps persuade users to open malicious pages.

The researchers advise that users check URLs and type them directly into the Web browser to avoid falling victim to such attacks. They also recommend that organizations review security policies to ensure they are protected against these kinds of scams.

Source: https://www.darkreading.com/vulnerabilities-threats/microsofts-sway-serves-as-launchpad-for-quishing-campaign